I suppose the first thing to point out is the difference between person-ids and application-ids.
For my personal login, INFA uses OKTA. I have to login to OKTA, and it pings my cellphone, and I have to respond within a certain amount of time, saying that "yes, that was me", or my login is denied.
For application-ids, you can't do that. There isn't a person to respond. This is one software package talking to another software package. No cellphone, no radio token, nothing like that. You literally can't do that kind of authentication.
The second thing to point out is frequency. These are automated routines that run day and night, with multiple iterations. You don't *want* human responses in the way of them running.
You need to establish some kind of trusted relationship where if they meet whatever criteria is set, they just run.
So, when we come to trusted relationship, I assume certificates can be one option. What I understand is CDC connects to Oracle DB via SQLNet. So, will it be responsibility of the Oracle client to establish trusted relationship with DB server using certificates? Or Informatica CDC has any role to play in this?
PWX Express CDC for Oracle uses the local Oracle client (CLI) to talk to both Oracle DB and Oracle ASM.
If you have Oracle kerberized, then that is invisible to PWX, because that occurs between the Oracle client and the Oracle DB (or ASM).